On 8 August, the UK Department for Science, Innovation & Technology (“DSIT”) published a report titled “Emerging technologies and their effect on cyber security” (the “Report”). It examines how the convergence of AI, IoT, Quantum, Edge Computing, Blockchain and other emerging technologies is transforming the cyber threat landscape. We’ve summarised below some of their key findings and takeaways. In the pursuit of growth and efficiencies many companies are considering how to adopt emerging technology into their operational processes, and the Report provides a useful guide as to emerging cyber risks and where the UK Government’s attention is focused as it launches the Cyber Resilience Bill later this year.
The key concepts and methodology
DSIT defines a number of terms in the Report including the following:
- Technology Convergence—The tendency for technologies that were originally unrelated to become more closely integrated and even unified as they develop and advance.
- Emerging Technology—a technology whose development, practical applications, or both are largely unrealised. These technologies are generally new, but also may include old technologies finding new applications.
- Converged Technology Pairing—Two technologies that are likely to converge as they develop, as each technology supports and augments the capability of the other.
- Converged Technology Grouping—A group of more than two technologies that are likely to converge as they develop, as each technology augments the capability of the group.
The overall questions DSIT looked at are:
- Which groups or pairings of emerging technologies are likely to create novel/compounding cyber security risks?
- Which industries will be affected by such novel/compounding cyber security risks?
- Which applications of emerging technologies are most likely to be affected by technology convergence?
Technology pairings and new security risks
The Report provides an analysis of specific use cases and examples of Converged Technology Pairings, whilst presenting the cyber concerns that arise due to such convergence. Some examples from the Report are set out below.
The above is a brief selection of what DSIT examined for the purposes of this article. The Report also details other pairings.
Commentary
Organisations across all industries are now expected to keep up with technological advancements to maintain a competitive edge, and this will likely lead to adoption of more emerging technologies that converge. Of course there are benefits to being an early adopter, but there are several risks associated including the cyber ones shown above. To facilitate growth, efficient innovation and information governance can be both a competitive differentiator and an essential to mitigating compliance risks. Businesses should have in place governance that allows you to make the right competitive decisions, whilst having full knowledge to mitigate against cyber risks and adopt the right security protocols.
Organisations should be aware that emerging technology convergence could attract future regulatory scrutiny. DSIT’s findings show an overlap with existing frameworks, and sector specific rules (such as security by design). Considerations should be made in multi-vendor ecosystems and contracts should address and reflect the risks that come from combined technologies and be forward looking on advancements. Vetting of vendors should consider looking at interdependencies, especially as technology converges it may be difficult to differentiate between which party is at fault particularly in relation to cybersecurity incidents.
Businesses should also review incident response processes to ensure there are mechanisms to adapt processes to innovation – especially as additional emerging technologies are adopted. It will be important to ensure collaboration between suppliers. Regulatory reporting triggers may also overlap across regimes as these convergences become more complex – mapping out such requirements may reduce delays when you come across an incident.
As organisations navigate the complexities of emerging technologies, a proactive approach to governance, regulatory compliance, and collaborative incident response will be essential in safeguarding against cyber risks.
